Oftentimes on engagements or during CTFs, I need to catch some kind of request made from a target machine. This could be for catching XSS payloads, SSRF verification, Remote File Inclusion, or a handful of other scenarios. I could catch all of these on my personal device by opening up ports into my network, but I find it much easier (and probably a lot more secure) to use a cloud instance for this purpose.
I’ve been asked enough times by people during CTFs how to deploy a quick and dirty VPS, so this blog post is mainly a resource for me to send to them 🙂
For this article, I’ll be covering using Amazon Web Services (AWS). There are many providers for this, such as Google Cloud Services, DigitalOcean, Azure, etc., but I personally prefer AWS. With AWS you get 1 year of free-tier usage, and after that year it’s relatively inexpensive for lightweight boxes (which is all we need!). Fortunately, what I cover here should more or less apply to any other provider.
The process for us to get up and running will be:
- Create an AWS account
- Launch an EC2 instance
- Use the box!
1. Create an AWS Account
This should be pretty straightforward: go sign up for AWS.
You’ll need to provide some personal information, including attaching a credit card. If you stick to only using what’s marked as Free-Tier, this card won’t be billed. Every provider that I know of will require this same process.
2. Launch an EC2 Instance
Login to your new account and head to the AWS Management Console. As you’ll see, you can do a lot with AWS. Fortunately we only need a very small subset of what’s available.
Select EC2 under the Compute section to reach the EC2 Dashboard, then select the big blue Launch Instance button.
Choose any machine image (AMI) you want; my go-to is usually:
Ubuntu Server 16.04 LTS (HVM), SSD Volume Type
Next you’ll have to choose the tier of instance that you want. I recommend going with the t2.micro. It falls under the AWS free tier, and even when not free, only costs a few bucks a month. You can always change the instance type later to match your needs.
At this point, if you really want to go crazy configuring, you can hit “Next: Configure Instance Details” and go through each step. You can customize storage size, networking options, etc. Go through each page if you want, but the most important for getting our cloud instance up is the “Configure Security Group” step.
By default, a new security group is created for the instance with port 22/TCP open from anywhere. If you know exactly what ports you need opened, this is the place to configure them. If you just want a wide-open box on the internet, use the settings I have in the screenshot.
Disclaimer: Opening up all traffic to your instance has some very obvious risks associated. Be smart about what you put on this instance.
After your instance is all configured, hit the blue “Review and Launch” button in the bottom right.
Scroll through this page and make sure everything looks good. If it does, go ahead and hit “Launch”.
If you’ve never launched an instance before, you’ll have to “Create a new key pair”. This will be your SSH key pair for logging into your instance. Give it a name and “Download Key Pair”. As the warning says, this is your one and only way of obtaining this private key. Once you have your key, go ahead and “Launch Instances”.
Navigate to the “Running Instances” page which can be found on our EC2 Dashboard (look at the first screenshot in this section).
You should see your instance in the list. If it says “Initializing” under “Status Checks”, just give it a few minutes. You can double click on the first column (in the blank space) and assign a name for this instance. If you right click the instance and choose “Connect” you’ll get some fancy instructions on how to SSH into your instance.
3. Use the Box!
Depending on the image you chose, the SSH username may change. It’s usually “ubuntu” for Ubuntu boxes and “ec2-user” for almost everything else. This user will have full sudo permissions, so go ahead and “sudo -i” after connecting to become root.
You now have an internet-exposed AWS instance that you can use however you want!
If you ever want to stop the instance, you can right click it in the EC2 Dashboard and select “Instance State -> Stop”. Stopping an instance will let you start it back up again. If you want to completely purge it, select Terminate. Terminated boxes will still show up on your dashboard for a while, but they go away eventually.